This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-wordpress-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:59:32 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 99c0817866b503e42544f9b9fc90af8a71e4f0c2 * md5sum d77bb39ceb348675dcc864aa55d3c1e2 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3t8AAoJEIXCXpWhbrlNfQcIAOVW5bshedPDJkYM5VpvQrWx uFnM0LaUVq4q28bc6oxzx4g8U1wtx0xykCnuGtkQxNYUGaCVnRlDTDbYyhi+DKBF m8Fh5F1yZd9wj5X9+URKLo8ovzpwqZTsLYu1j4s5NJdqMZ2lCmib33H8EU2MASh9 NxNE1rske9ggFSxUo2ddpYGEwjKBkqXqZ0X99yU6JWhKCtIBesuJ9e5uOA+6jvdW MDLYR817c6urx8scb/PMJPF5j4GzsF34vO3S5MLRAkgTUwadMSe3vhMsoe9fssTw giOJZYop6OeQ5+iOPyhyMlF1UYaR8r53Hk5pLG7TROMpl9SstHvRhxOIWw5xfGE= =fDEx -----END PGP SIGNATURE-----